Ensure that a Customer-Managed Key (CMK), also known as Bring Your Own Key (BYOK), is created and configured for your Microsoft Azure web tier in order to meet cloud security and compliance requirements. This conformity rule assumes that all the Azure cloud resources available in your web tier are tagged with <web_tier_tag>:<web_tier_tag_value>, where <web_tier_tag> represents the tag name and <web_tier_tag_value> represents the tag value. Prior to running this rule by the Cloud Conformity engine, the tag set defined for your Azure web tier must be configured within the rule settings, on the Cloud Conformity dashboard.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure
When you use your own Azure Key Vault Customer-Managed Key to protect the data within your cloud web tier, you gain full control over who can use this key to access the web data, implementing the principle of least privilege on the encryption key ownership and usage. Cloud Conformity strongly recommends creating and configuring at least one Customer-Managed Key (CMK)/Bring Your Own Key (BYOK) for your Azure cloud web tier
Note: Make sure that you replace all <web_tier_tag>:<web_tier_tag_value> tag placeholders found in this conformity rule with your own tag name and value created for the web tier.
To determine if a web-tier Key Vault Customer Master Key exists in your Microsoft Azure cloud account, perform the following actions:
Remediation / Resolution
To create and configure a dedicated Customer-Managed Key (CMK) for the Azure cloud resources provisioned within your web tier, perform the following actions:
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
You are auditing:
Web Tier Customer-Managed Key In Use
Risk level: High